Privacy Policy
Last updated: 10 July 2026
This Privacy Policy explains how HealthTracker.Fit ("the app", "we", "us") collects, uses, stores, shares, and protects your information when you use our Android application. We take the privacy of your health data seriously. This policy is written to meet the requirements of Malaysia's Personal Data Protection Act 2010 (PDPA) and to respect GDPR-style data-protection rights for users in other regions.
1. Who we are
HealthTracker.Fit is operated by Two Quarters Ventures. For any privacy question or to exercise your rights, contact us at hello@healthtracker.fit.
2. What data we collect
We only collect what the app needs to work. This includes:
| Category | Examples |
|---|---|
| Account | Email address, and (if you sign in with Google) your Google account email and basic profile. A display name if you provide one. |
| Health & fitness data | Food and calorie logs, macros, body weight, water intake, exercise, fasting sessions, supplements and dose-adherence records, and blood-test / lab marker values you enter or photograph. |
| Profile & goals | Optional body metrics you enter (age, sex, height, weight, activity level) and your calorie/macro goals, used to calculate targets and reports. |
| Photos you take | Photos of meals, supplement labels, and lab reports that you choose to capture for analysis. |
| Technical data | A device attestation token (Firebase App Check) and standard crash/diagnostic information used to keep the service secure and reliable. We do not use advertising identifiers, and the app contains no third-party ad networks. |
We do not collect your precise location, contacts, or browsing history.
3. How we use your data
- To provide the core features — logging, tracking, trends, reminders, and reports.
- To calculate your calorie and macro targets and generate your Health Report.
- To analyse photos you take of meals, supplement labels, or lab reports (see section 6).
- To secure the service and prevent abuse (e.g. rate limiting and device attestation).
- To respond to your support requests.
We do not sell your personal data, and we do not use it for advertising or profiling unrelated to the app's features.
4. Legal bases for processing
Where GDPR-style rules apply, we rely on:
- Consent — for processing health data and for optional features like Google Drive backup and AI photo analysis. You give consent by choosing to use those features, and you can withdraw it at any time.
- Performance of a contract — to deliver the app's functionality you signed up for.
- Legitimate interests — to keep the service secure and working (e.g. abuse prevention), balanced against your rights.
Under Malaysia's PDPA, we process your personal data on the basis of your consent and to fulfil the service you have requested.
5. Who we share data with
We share data only with the service providers (data processors) needed to run the app:
| Provider | Purpose | What is shared |
|---|---|---|
| Google Firebase (Google LLC) | Authentication, database (Firestore), file storage, cloud functions, app security | Your account, health data, and photos, stored in your own protected account space |
| Anthropic (Claude AI) | Analysing photos you take of meals, supplement labels, and lab reports; writing the narrative in your Health Report | The image or figures for that specific request only (see section 6) |
| USDA FoodData Central | Food nutrition search | Your search terms only — no personal or health data |
| Open Food Facts | Barcode and product lookup | The barcode or product query only — no personal or health data |
| Google Drive (optional) | Backing up your generated report PDFs, only if you turn it on | Your report PDFs, to your own Google Drive (see section 7) |
We may also disclose data if required by law, or to protect the rights, safety, or property of our users or us.
6. AI photo & document analysis
When you use AI photo food logging, supplement-label scanning, or lab-report reading, the image you capture is sent securely to Anthropic's Claude AI service to extract the relevant information (for example, the foods in a meal or the markers on a lab report). This happens only for the specific request you initiate.
Anthropic processes the request to return a result and, per its API terms, does not use data submitted through its API to train its models. We send the minimum needed for the feature and do not attach your identity to the request beyond what is technically required.
7. Optional Google Drive backup
You can optionally connect Google Drive so your generated Health Report and Lab Report PDFs are automatically saved to your own Drive. This is off by default and only happens if you turn it on and grant permission.
- We request the minimum Drive permission (
drive.file) — the app can only create and access files it makes itself. It cannot see, read, or browse any of your other Drive files. - The PDFs are saved to a folder in your Drive. They belong to you.
- Disconnecting stops future backups; it does not delete files already saved to your Drive — those remain yours to keep or remove.
Our use of Google Drive complies with the Google API Services User Data Policy, including its Limited Use requirements.
8. Where your data is stored & how it is secured
Your data is stored in Google Firebase's secure cloud infrastructure. We protect it with:
- Owner-only access rules — each user can only ever read or write their own data; no other user can access it.
- Encryption in transit and at rest, as provided by Google Cloud.
- Device attestation (App Check) and per-user rate limiting to block abuse and impersonation.
- API keys and secrets kept server-side only, never shipped in the app.
No system is perfectly secure, but we design the app to use the least access necessary and to keep your health data protected.
9. Retention & deletion
We keep your data for as long as your account exists. You can delete your account from within the app at any time (Settings → Delete account). Deleting your account permanently erases your profile and all associated health data — food logs, weights, water, exercise, fasting, recipes, favourites, lab reports, generated reports, and supplement records — from our systems.
Files you previously chose to back up to your own Google Drive are yours; account deletion does not remove them from your Drive, and you can delete them there yourself.
10. Your rights
Depending on where you live, you have the right to:
- Access the personal data we hold about you.
- Correct inaccurate data (most of which you can edit directly in the app).
- Delete your data (via in-app account deletion, or by contacting us).
- Withdraw consent for optional processing (e.g. turn off Drive backup, stop using AI photo analysis).
- Data portability — request a copy of your data in a portable form.
- Object to or restrict certain processing.
To exercise any right, email hello@healthtracker.fit. You also have the right to lodge a complaint with your local data-protection authority.
11. Children
HealthTracker.Fit is not directed at children under 13 (or the minimum age of digital consent in your country). We do not knowingly collect data from children. If you believe a child has provided us data, contact us and we will delete it.
12. Changes to this policy
We may update this policy from time to time. We will update the "Last updated" date above and, for material changes, provide notice in the app. Continued use after changes take effect means you accept the updated policy.
13. Contact us
Questions, requests, or complaints about your privacy? Email us at hello@healthtracker.fit and we will respond as promptly as we can.